IBM Verse Citrix on iOS devices has the ability to be managed by XenMobile Device Management. This article describes the capabilities provided by this environment and how to take advantage of them in your deployment.

The IBM Verse app for iOS supports application management using MobileIron AppConnect Mobile Application Management features. This article describes the capabilities provided by this environment and how to take advantage of them in your deployment.

This document highlights the MobileIron® integration features that have been added to the IBM Verse client for Android, and how to take advantage of them in your deployment. Organizations using MobileIron to manage their mobile applications are now able to take advantage of MobileIron application ...

IBM Verse Citrix on iOS devices has the ability to be managed by XenMobile Device Management. This article describes the capabilities provided by this environment and how to take advantage of them in your deployment.

IBM Verse Citrix on iOS devices has the ability to be managed by XenMobile Device Management. This article describes the capabilities provided by this environment and how to take advantage of them in your deployment.

If your organization does not use XenMobile Device Management, then you can skip this article and you should use the IBM Verse iOS app instead (https://itunes.apple.com/us/app/ibm-verse/id949952976).Minimum requirements
The following components are required at the specified minimum levels.

Managed Application Management (MAM)
IBM Verse Citrix can operate in two different modes: "managed", where XenMobile Device Management is in use and manages application security, and "unmanaged", where an organization does not use XenMobile (or does not use it for managing applications). When an organization decides to deploy XenMobile, or remove it from their environment, applications must somehow discover and switch to the new mode.

One typical case occurs when an organization has XenMobile Device Management deployed and begins to use IBM Verse Citrix. The simplest approach for managing the IBM Verse Citrix application is to first install the Worx Home client on the managed device and set up the security policies on the XenMobile Device Manager and App Controller servers. When IBM Verse Citrix starts, it will detect that Worx Home is installed and configured, and will change its behavior accordingly.

If an organization deploys XenMobile after IBM Verse Citrix is already in use, then it will need to be reinstalled from the Worx Home application Store. Administration
Mobile applications are administered online by the XenMobile App Controller. Users, groups, devices, files,and deployments are administered online by the XenMobile Device Manager. For more information on either console, refer to the Citrix Product eDocumenation regarding the XenMobile App Controller and the XenMobile Device Manager. Key features of XenMobile for IBM Verse Citrix on iOS
When a third party application, such as IBM Verse Citrix, incorporates the XenMobile SDK libraries, the following security features can be enabled.

Authenticate users before accessing managed applications

App-level tunneling for secure access to corporate data without the need for a device VPN

Set a timeout for single sign-on login across your managed applications

Automatically deliver and update policies remotely to the application container based on user and device security postures

Data sharing controls
The data leak prevention settings are described in the XenMobile eDocumentation. These policies can be applied to IBM Verse Citrix by enabling Policies in the App Restrictions settings of the XenMobile App Controller.

The Document Exchange settings in the App Interaction policy are similar to IBM Traveler server administration functions. For example, IBM Traveler 9.0.1.4 allows administrators to specify a list of apps that should be allowed to open attachments. The XenMobile App Controller includes similar capabilities. When using IBM Verse Citrix in a XenMobile environment, the app follows a simple rule when deciding which policy to follow: the IBM Verse policy is ignored and the application behavior is dictated by the XenMobile policies.
Data security
In a XenMobile environment, managed apps like IBM Verse Citrix are notified by XenMobile when the application data needs to be restricted or erased.

This may happen because the device has been lost, has gone out of compliance by resetting the passcode or installing a forbidden app, or the user has left the company. When this occurs, IBM Verse Citrix, like any other XenMobile managed application, will block the application UI and present the user with a message (determined by the administrator or XenMobile) why the app is no longer available. Additionally, if required by the policy, the accounts used by IBM Verse Citrix and all local data will be erased.
Server security policies
Most IBM Verse Citrix iOS security policies are now managed by XenMobile. In the cases where a security policy is still set at the IBM Traveler server for iOS devices, but the same policy can be managed by XenMobile, then the IBM Verse Citrix iOS application ignores the policy setting from the IBM Traveler server.

The following table shows the iOS security policies that can be set by the IBM Traveler server, and whether they are honored by the IBM Verse Citrix iOS application or ignored. A few settings are honored by the IBM Verse Citrix iOS application, as XenMobile does not yet support these capabilities or the capabilities are specific to IBM Verse application behavior.

IBM Traveler policy

IBM Verse Citrix for iOS behavior

Require device password

Ignored – managed by XenMobile

Device password - type

Ignored – managed by XenMobile

Device password - autolock timeout

Ignored – managed by XenMobile

Device password - expiration period

Ignored – managed by XenMobile

Device password - history count

Ignored – managed by XenMobile

Device password - wrong passwords before wiping device

Ignored – managed by XenMobile

Device password - prohibit unencrypted devices

Ignored – managed by XenMobile

Replace application password

Ignored – managed by XenMobile

Application Password - wipe after X failed attempts

Ignored – managed by XenMobile

Application Password - auto lock period

Ignored – managed by XenMobile

Disable Local password storage

Ignored – managed by XenMobile

Prohibit Copy to clipboard

Ignored – managed by XenMobile

Prohibit download of attachments

Honored

Allow only approved applications to access attachments

Ignored – managed by XenMobile

Prohibit Camera

Ignored – managed by XenMobile

Require external domain validation

Honored

Prohibit Devices incapable of security enablement

Honored

IBM Verse for Citrix Configuration MDX Policies
When configuring IBM Verse for Citrix on the Xenmobile App Controller you will see an additional section titled "IBM Notes Traveler Settings" with the following two policies:

IBM Notes Traveler server address - can be used to prepopulate the server information for users when they are initially configuring IBM Verse for Citrix on their iOS device. The format of the policy value is "https://example.com:8890/traveler". The default value of this policy is empty.

Allow Load Remote Images - can be used to determine whether the user can modify the Load Remote Images setting in the iOS Verse client. The default value for this setting is true.

Additional Client configuration of a managed app can be defined and applied on the iOS device using a data dictionary. The dictionary can be defined in the Policy Information section under the Device Policies for the iOS platform in the Configure section of XenMobile. The Identifier for IBM Verse for Citrix should be com.ibm.lotus.travelerCitrix and the format of the dictionary content should be as follows:

In order to use Connections cloud, the URL must be a valid cloud URL containing "collab" and a region code. It is important to ensure that you use the correct region code that matches the IBM Connections Cloud data center that is hosting your company, otherwise unexpected results will occur. For example:

XenMobile macros can be used in place of the user name so a single dictionary can be used for a large user base and have user-specific values appear for each targeted user. Please review Macros in XenMobile for more information.

This exclusion is already included in the default MDX policy, which is publicly available in the Citrix Ready Marketplace. If you need to add the exclusion, then all impacted users must reinstall the Verse Citrix app through their WorxStore for the change to take effect.